
Fake SVCHost.exe in windows temp folder (keeps returning after being deleted)


12 replies to this topic

#1 aarond2lod


Posted 27 March 2013 - 09:55 AM

Hey guys,

 

I've been having a problem with a fake svchost.exe that always seems to return even after being deleted from the temp folder found in Users\AppData\Local\Temp.

It's been here for maybe a week or two, and I did notice something suspicious at the time: svchost asked to connect to the internet, and I was kind of busy so I just allowed it, thinking it was the Windows svchost file.

Since then it's been eating my resources and generating a lot of heat, particularly in my ATI 6970HD graphics card, pushing it up to 85C when idle; then, as soon as I terminate the process in Task Manager, it drops to 50C within 10 minutes. I've tried running AVG, MBAM and HitmanPro. MBAM picked it up and said it removed it, but upon restart it's still there.

It also seems to be blocking my firewall: when I try to open Windows Firewall and use selected settings I get a firewall error (0x80070422) unless I manually start the Windows Firewall service through Services.

 

Please can you help me? I really want to get rid of this for good; killing it from Task Manager and manually starting Windows Firewall every time the PC starts is annoying.

thanks in advance,

Aaron

 

P.S. My OS is Windows 7.





#2 narenxp


Posted 27 March 2013 - 10:13 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now



  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt, found in your root directory (typically C:\), in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL

  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu

  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 
 


Edited by narenxp, 28 March 2013 - 11:14 AM.


#3 aarond2lod


Posted 28 March 2013 - 11:09 AM

TDSS Log (No threats were found)

 

15:42:31.0491 5268  ============================================================
15:42:31.0491 5268  Scan finished
15:42:31.0491 5268  ============================================================
15:42:31.0507 5280  Detected object count: 0
15:42:31.0507 5280  Actual detected object count: 0
15:44:17.0774 4044  Deinitialize success

 

Rkill log (note: it found the svchost.exe within a few seconds and closed it; my graphics card fan immediately went quieter and cooler :D):

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/28/2013 03:45:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\David\AppData\Local\Temp\svchost.exe (PID: 2212) [SFI]
 * C:\Users\David\AppData\Local\Temp\svchost.exe (PID: 2212) [UP-HEUR]
 * C:\Users\David\AppData\Local\Temp\svchost.exe (PID: 2212) [T-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\David\Desktop\rkill\rkill-03-28-2013-03-45-53.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Disabled

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Disabled

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/28/2013 03:45:57 PM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)

I couldn't find the ESET Online Scanner button, only "buy now" and about 6 things to trial; I wasn't sure which, if any, to download, so I left that one out.

Junkware removal tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by David on 28/03/2013 at 15:56:06.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-44762950-998316142-4120311134-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-44762950-998316142-4120311134-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\bittorrentbar
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\bittorrentbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminentsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminentsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\iwin"
Successfully deleted: [Folder] "C:\ProgramData\trymedia"
Successfully deleted: [Folder] "C:\Users\David\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\free ride games"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\cqip4mtv.default\user.js
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\cqip4mtv.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\cqip4mtv.default\searchplugins\search_results.xml
Successfully deleted: [Folder] C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\cqip4mtv.default\smartbar
Successfully deleted the following from C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\cqip4mtv.default\prefs.js

user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.FirstTime", "true");
user_pref("CT2504091.FirstTimeFF3", "true");
user_pref("CT2504091.UserID", "UN48575775209926775");
user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2504091.autoDisableScopes", -1);
user_pref("CT2504091.defaultSearch", "false");
user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2504091.enableAlerts", "always");
user_pref("CT2504091.enableSearchFromAddressBar", "true");
user_pref("CT2504091.firstTimeDialogOpened", "true");
user_pref("CT2504091.fixPageNotFoundError", "true");
user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2504091.fixUrls", true);
user_pref("CT2504091.installId", "vz_toolbar_8457240805136955237.tmp");
user_pref("CT2504091.installType", "ConduitNSISIntegration");
user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.isNewTabEnabled", true);
user_pref("CT2504091.isPerformedSmartBarTransition", "true");
user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://VuzeRemote.Ou
user_pref("CT2504091.openThankYouPage", "false");
user_pref("CT2504091.openUninstallPage", "false");
user_pref("CT2504091.search.searchAppId", "129079840422026594");
user_pref("CT2504091.search.searchCount", "0");
user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://VuzeRemote.OurToolbar.com//xpi\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349027272108");
user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1349027271907");
user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349027273124");
user_pref("CT2504091.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349985074469");
user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1349027272325");
user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349027273105");
user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1349027271116");
user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1349939626318");
user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349027273150");
user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1349991158112");
user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1349939626412");
user_pref("CT2504091.settingsINI", true);
user_pref("CT2504091.shouldFirstTimeDialog", "false");
user_pref("CT2504091.smartbar.CTID", "CT2504091");
user_pref("CT2504091.smartbar.Uninstall", "0");
user_pref("CT2504091.smartbar.isHidden", true);
user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
user_pref("CT2504091.startPage", "false");
user_pref("CT2504091.toolbarBornServerTime", "30-9-2012");
user_pref("CT2504091.toolbarCurrentServerTime", "11-10-2012");
user_pref("CT2504091.toolbarDisabled", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "");
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7B0985c54d-b2d4-451f-adeb-36ee1cab885e%7D&mid=3b52a38c526547d99da32524427daad7-f4001ac5c
user_pref("Smartbar.keywordURLSelectedCTID", "CT3201318");
user_pref("avg.install.userSPSettings", "Search Results");
user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Search Results");
user_pref("extensions.tweaktube.addit.remoteInstallItems", "{ \"software\": {\"13\": {\"id\": \"13\",\"title\": \"PriceGong\",\"type\": \"XPI\",\"url\": \"hxxps://www.softpubl
user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B0985c54d-b2d4-451f-adeb-36ee1cab885e%7D&mid=3b52a38c526547d99da32524427daad7-f4001ac5c87d92faa15b2c9bc7d7b74eb30
user_pref("tweaktube.pref.YTC_v9as2", "hxxp://s.ytimg.com/yt/swfbin/cps-vflWc5qlC.swf");
user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:\"hxxp://wedata.net/databases/AutoPagerize/items.json\", expire:(new Date(1
Emptied folder: C:\Users\David\AppData\Roaming\mozilla\firefox\profiles\cqip4mtv.default\minidumps [577 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/03/2013 at 16:00:42.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Edited by aarond2lod, 28 March 2013 - 11:09 AM.
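The Rkill output above gives a compact list of what to check on a box like this: a svchost.exe running from %LOCALAPPDATA%\Temp, Windows Firewall (MpsSvc) and Security Center (wscsvc) set to Disabled, Windows Defender switched off by DisableAntiSpyware, and the question of what relaunches the file after it is deleted (the reason the earlier post asked for Autoruns-style data). The script below is an added example written for this page; it is not part of the thread and not code from Rkill, TDSSKiller, ESET or JRT. It uses only built-in Windows PowerShell cmdlets (2.0 and later, so it runs on Windows 7) plus the Task Scheduler 2.0 COM API. The expected service start values are assumed Windows 7 defaults, and the Temp-folder regex and the set of Run keys it walks are my choices, not anything the thread specifies.

```powershell
# Added triage script for this thread (not part of the post, Rkill, TDSSKiller, ESET or JRT).
# Uses only built-in Windows PowerShell (2.0 and later, so it runs on Windows 7) and the
# Task Scheduler 2.0 COM API. Run from an elevated prompt so process paths are readable.

$sys32  = Join-Path $env:SystemRoot 'System32'
$syswow = Join-Path $env:SystemRoot 'SysWOW64'
$tempRe = '\\AppData\\Local\\Temp\\|\\Windows\\Temp\\'  # regex; -match is case-insensitive
$findings = @()

# 1. svchost.exe: genuine copies live in System32/SysWOW64 and are children of services.exe.
foreach ($p in Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'") {
    $path = $p.ExecutablePath
    if (-not $path) { $findings += "PID $($p.ProcessId): svchost.exe with unreadable path (not elevated?)"; continue }
    $dir = Split-Path $path -Parent
    if ($dir -ne $sys32 -and $dir -ne $syswow) {
        $findings += "PID $($p.ProcessId): svchost.exe running from $path (expected $sys32)"
    }
    $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    if ($parent -and $parent.Name -ne 'services.exe') {
        $findings += "PID $($p.ProcessId): parent is $($parent.Name) (PID $($parent.ProcessId)), expected services.exe"
    }
    # The real binary is catalog-signed; PowerShell 2.0 may report it as NotSigned, so treat a
    # non-Valid status as corroboration of the path/parent findings, not as proof on its own.
    $sig = Get-AuthenticodeSignature -FilePath $path
    if ($sig.Status -ne 'Valid') { $findings += "PID $($p.ProcessId): $path signature status $($sig.Status)" }
}

# 2. Security services: registry Start value (2 = Automatic, 3 = Manual, 4 = Disabled).
#    Expected values are assumed Windows 7 defaults; mpsdrv is a driver started on demand.
$expectedStart = @{ MpsSvc = 2; WinDefend = 2; wscsvc = 2; mpsdrv = 3 }
$startName = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
function Get-StartName([int]$v) { if ($startName.ContainsKey($v)) { $startName[$v] } else { "Start=$v" } }
foreach ($svc in $expectedStart.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    if ($start -eq $null) { $findings += "${svc}: service key or Start value missing"; continue }
    if ($start -ne $expectedStart[$svc]) {
        $findings += "${svc}: startup type is $(Get-StartName $start), expected $(Get-StartName $expectedStart[$svc])"
    }
}

# 3. The Defender policy switch Rkill flagged.
$wd = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($wd -and $wd.DisableAntiSpyware -eq 1) {
    $findings += 'HKLM\SOFTWARE\Microsoft\Windows Defender\DisableAntiSpyware = 1 (Defender disabled by policy value)'
}

# 4. Persistence that would recreate the Temp-folder binary: Run keys and scheduled tasks
#    whose command line points into a Temp directory.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, ...
        if ("$($prop.Value)" -match $tempRe) { $findings += "Run entry $k\$($prop.Name) = $($prop.Value)" }
    }
}

function Get-TaskExecActions($folder) {                 # recursive walk of the task tree
    foreach ($t in $folder.GetTasks(1)) {               # 1 = TASK_ENUM_HIDDEN
        foreach ($a in $t.Definition.Actions) {
            if ($a.Type -eq 0) {                        # 0 = TASK_ACTION_EXEC
                New-Object PSObject -Property @{ Task = $t.Path; Command = "$($a.Path) $($a.Arguments)" }
            }
        }
    }
    foreach ($sub in $folder.GetFolders(0)) { Get-TaskExecActions $sub }
}
$sched = New-Object -ComObject Schedule.Service
$sched.Connect()
foreach ($entry in Get-TaskExecActions $sched.GetFolder('\')) {
    if ($entry.Command -match $tempRe) { $findings += "Scheduled task $($entry.Task) runs $($entry.Command)" }
}

# Report.
if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings | ForEach-Object { "[!] $_" } }
```

Two things worth knowing when reading the output. The firewall error 0x80070422 from the first post is HRESULT 0x8007 + Win32 error 1058, ERROR_SERVICE_DISABLED, which is exactly what a Disabled start type on MpsSvc produces, so section 2 is the check to re-run after cleanup. A miner that "keeps returning" after the file is deleted is normally being relaunched by something section 4 would list; remove the launching entry at the same time as the binary, or the next logon recreates it.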


#4 narenxp


Posted 28 March 2013 - 11:14 AM

I couldn't find the ESET Online Scanner button, only "buy now" and about 6 things to trial; I wasn't sure which, if any, to download, so I left that one out.

 

Try now



#5 aarond2lod


Posted 28 March 2013 - 02:54 PM

ESET Online Scanner log:


C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F28T4FPU\svchost[1].exe    a variant of Win32/BitCoinMiner.N application    cleaned by deleting - quarantined
C:\Users\David\AppData\Local\Temp\130319175557188-000044.rsc_tmp    a variant of Win32/BitCoinMiner.N application    cleaned by deleting - quarantined
C:\Users\David\AppData\Local\Temp\svchost.exe    a variant of Win32/BitCoinMiner.N application    cleaned by deleting - quarantined
C:\Users\David\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\130319175557188.rsc    multiple threats    deleted - quarantined

 

Took over 3 hours because I have about 800-900 GB of games on my 1st hard drive :P
 



#6 narenxp


Posted 28 March 2013 - 03:51 PM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox


  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware

  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to  Text(*.txt).
  • Double click on the text file,copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


#7 aarond2lod


Posted 28 March 2013 - 04:42 PM

MBAM log:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
David :: AARONSPCNEW [administrator]

28/03/2013 21:51:00
mbam-log-2013-03-28 (21-51-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219463
Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Mini toolbox log:

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by David (administrator) on 28-03-2013 at 21:56:18
Running from "C:\Users\David\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Hardware not present)
TAP-Win32 Adapter V9 = Local Area Connection 3 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : AaronsPCnew
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F4-6D-04-99-43-24
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5cc:d808:81ab:5d1%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 28 March 2013 15:38:53
   Lease Expires . . . . . . . . . . : 29 March 2013 15:38:53
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 250899716
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-7E-88-1A-F4-6D-04-99-43-24
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       0.0.0.0
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.lan:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2a00:1450:4009:808::1007
      173.194.41.130
      173.194.41.132
      173.194.41.128
      173.194.41.134
      173.194.41.133
      173.194.41.137
      173.194.41.129
      173.194.41.136
      173.194.41.135
      173.194.41.142
      173.194.41.131


Pinging google.com [173.194.41.130] with 32 bytes of data:
Reply from 173.194.41.130: bytes=32 time=13ms TTL=54
Reply from 173.194.41.130: bytes=32 time=13ms TTL=54

Ping statistics for 173.194.41.130:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 13ms, Average = 13ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  206.190.36.45
      98.139.183.24
      98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=482ms TTL=45
Reply from 206.190.36.45: bytes=32 time=448ms TTL=45

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 448ms, Maximum = 482ms, Average = 465ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...f4 6d 04 99 43 24 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    276
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    276 fe80::/64                On-link
 10    276 fe80::5cc:d808:81ab:5d1/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/28/2013 04:17:16 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/28/2013 04:17:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (03/28/2013 04:17:16 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe

Error: (03/28/2013 04:17:14 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\David\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-03-28 15:44:20.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-28 15:34:56.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-28 12:53:06.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-27 14:38:34.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-27 14:26:35.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-26 14:33:34.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-25 13:37:09.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-25 10:23:03.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-24 08:49:47.298
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-23 12:46:27.963
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Age of Castles
Age of Empires III - The Asian Dynasties (Version: 1.00.0000)
Age of Empires III - The WarChiefs (Version: 1.00.0000)
Age of Empires III (Version: 1.00.0000)
Alarm (Version: 2.0.6)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ANNO 2070 (Version: 1.0.0.0)
APB Reloaded (Version: 1.3.3.560517)
Assassin's Creed ® III (Version: 1.00)
AVG 2012 (Version: 12.0.2641)
AVG 2012 (Version: 12.1.2240)
AVG 2012 (Version: 2012.1.2240)
AVG PC Tuneup 2011 (Version: 10.0.0.23)
AVG Security Toolbar (Version: 14.0.3.14)
Bastion
BitTorrent (Version: 7.7.0.27987)
Borderlands (Version: 1.0.295)
Borderlands 2
Brink
CABAL Online Europe (Europe)
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Juarez The Cartel
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (Version: 2011.0308.2325.42017)
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485)
CCC Help Czech (Version: 2012.1219.1520.27485)
CCC Help Danish (Version: 2012.1219.1520.27485)
CCC Help Dutch (Version: 2012.1219.1520.27485)
CCC Help English (Version: 2011.0308.2324.42017)
CCC Help English (Version: 2012.1219.1520.27485)
CCC Help Finnish (Version: 2012.1219.1520.27485)
CCC Help French (Version: 2012.1219.1520.27485)
CCC Help German (Version: 2012.1219.1520.27485)
CCC Help Greek (Version: 2012.1219.1520.27485)
CCC Help Hungarian (Version: 2012.1219.1520.27485)
CCC Help Italian (Version: 2012.1219.1520.27485)
CCC Help Japanese (Version: 2012.1219.1520.27485)
CCC Help Korean (Version: 2012.1219.1520.27485)
CCC Help Norwegian (Version: 2012.1219.1520.27485)
CCC Help Polish (Version: 2012.1219.1520.27485)
CCC Help Portuguese (Version: 2012.1219.1520.27485)
CCC Help Russian (Version: 2012.1219.1520.27485)
CCC Help Spanish (Version: 2012.1219.1520.27485)
CCC Help Swedish (Version: 2012.1219.1520.27485)
CCC Help Thai (Version: 2012.1219.1520.27485)
CCC Help Turkish (Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2011.0308.2325.42017)
ccc-utility64 (Version: 2012.1219.1521.27485)
Cheat Engine 6.1
Chuzzle Christmas Edition (Version: 1.01)
Clan of Champions
Company of Heroes - FAKEMSI (Version: 2.0.0.0)
Company of Heroes (Version: 2.602.0)
Confrontation
Counter-Strike: Global Offensive
Counter-Strike: Global Offensive - SDK
Crusader Kings II
Crysis 3 Digital Deluxe ... (Version: ...)
Crysis® 2 (Version: 1.0.0.0)
DAEMON Tools Pro (Version: 5.2.0.0348)
Darksiders II
Deer Hunter 2005
Deus Ex - Human Revolution version 1.0 (Version: 1.0)
Diablo II
Diablo III (Version: 1.0.6.13644)
Divine Divinity
Divinity II - The Dragon Knight Saga
DMC Devi May Cry © Capcom version 1 (Version: 1)
Dragon Age: Origins (Version: 1.04)
Dungeon Defenders
Dungeons and Dragons Daggerdale
Dxtory version 2.0.111 (Version: 2.0.111)
Elemental: Fallen Enchantress (Version: 1.00.072)
eReg (Version: 1.20.138.34)
EverQuest II
Fallout: New Vegas
Football Manager 2012
FreeVPN v3.20
Galactic Civilizations II: Ultimate Edition
Game Booster 3 (Version: 3.5)
Game of Thrones version 1.1.0.0 (Version: 1.1.0.0)
GameRanger
GamersFirst LIVE!
Hacker Evolution
Hellgate: London (Version: 1.10.180.3416)
Heroes of Might and Magic V Collector Edition
High-Definition Video Playback 10 (Version: 7.0.11400.29.0)
Hitman: Absolution
HitmanPro 3.7 (Version: 3.7.2.190)
HyperCam 3 (Version: 3.1.1012.03)
Impire
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 35 (Version: 6.0.350)
Just Cause 2 (Version: 1.0.0.1)
King Arthur II
Kingdoms of Amalur Reckoning
King's Bounty: Warriors of the North
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Krater
League of Legends (Version: 1.02.0000)
LightScribe System Software (Version: 1.18.6.1)
Logitech SetPoint 6.32 (Version: 6.32.20)
Lord of the Rings - War in the North
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mass Effect (Version: 1.00)
Mass Effect™ 3 (Version: 1.01.0.0)
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
mIRC (Version: 7.25)
Mount & Blade
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
Need for Speed Most Wanted
Need for Speed™ Carbon
Nero 10 Menu TemplatePack Basic (Version: 10.0.10600.6.0)
Nero 10 Movie ThemePack Basic (Version: 10.0.10600.6.0)
Nero BackItUp 10 (Version: 5.4.11600.19.100)
Nero BackItUp 10 Help (CHM) (Version: 1.0.10700)
Nero Burning ROM 10 (Version: 10.0.11100.10.100)
Nero BurningROM 10 Help (CHM) (Version: 1.0.10700)
Nero BurnRights 10 (Version: 4.0.11000.12.100)
Nero BurnRights 10 Help (CHM) (Version: 1.0.10600)
Nero Control Center 10 (Version: 10.0.12000.1.4)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.13700.0.1)
Nero CoverDesigner 10 (Version: 5.0.10900.11.100)
Nero CoverDesigner 10 Help (CHM) (Version: 1.0.10600)
Nero DiscSpeed 10 (Version: 6.0.10800.7.100)
Nero DiscSpeed 10 Help (CHM) (Version: 1.0.10600)
Nero Dolby Files 10 (Version: 2.0.11000.0.10)
Nero Express 10 (Version: 10.0.11000.10.100)
Nero Express 10 Help (CHM) (Version: 1.0.10700)
Nero InfoTool 10 (Version: 7.0.10800.8.100)
Nero InfoTool 10 Help (CHM) (Version: 1.0.10600)
Nero MediaHub 10 (Version: 1.0.13400.11.100)
Nero MediaHub 10 Help (CHM) (Version: 1.0.10700)
Nero Multimedia Suite 10 (Version: 10.0.13100)
Nero Recode 10 (Version: 4.6.10900.4.100)
Nero Recode 10 Help (CHM) (Version: 1.0.10600)
Nero RescueAgent 10 (Version: 3.0.10900.9.100)
Nero RescueAgent 10 Help (CHM) (Version: 1.0.10700)
Nero SoundTrax 10 (Version: 4.6.10600.2.100)
Nero SoundTrax 10 Help (CHM) (Version: 1.0.10600)
Nero StartSmart 10 (Version: 10.0.11200.12.100)
Nero StartSmart 10 Help (CHM) (Version: 1.0.10700)
Nero Update (Version: 1.0.0017)
Nero Vision 10 (Version: 7.0.11100.8.100)
Nero Vision 10 Help (CHM) (Version: 1.0.10600)
Nero WaveEditor 10 (Version: 5.6.10600.2.100)
Nero WaveEditor 10 Help (CHM) (Version: 1.0.10600)
Neverwinter Nights 2 (Version: 1.00.0000)
NVIDIA PhysX (Version: 9.10.0513)
Orcs Must Die 2
Overwolf (Version: 0.38.222)
Pando Media Booster (Version: 2.6.0.8)
Path of Exile (Version: 0.10.0.22655)
Pivot Software (Version: 9.03.004)
PowerISO (Version: 4.8)
PunkBuster Services (Version: 0.986)
Puzzle Express
Quake Live Mozilla Plugin (Version: 1.0.520)
R.A.W Realms of Ancient War © Focus Home Interactive version 1 (Version: 1)
RaiderZ (Version: 1.0.0.36249)
Rcon Unlimited 1.0
Realtek Ethernet Controller All-In-One Windows Driver (Version: 7.46.610.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6602)
Red Faction Guerrilla (Version: 1.00.0000)
RetroCopy64 version 0.960 (Version: 0.960)
Risen 2 - Dark Waters (Version: Risen 2 - Dark Waters)
Roll
RtkDashClientInstaller (Version: 1.0.7)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (Version: 1.6.02)
Sacred 2 - Elite (Version: 1.00.0000)
Sacred 2 (Version: 2.0.2.0)
Saints Row The Third
SDK (Version: 2.20.009)
SHIFT 2 UNLEASHED™ (Version: 1.0.0.0)
Skype™ 5.8 (Version: 5.8.158)
Sleeping Dogs.v 1.5 + 12 DLC (Version: Sleeping Dogs.v 1.5 + 12 DLC)
SmartControl (Version: 2.00.021)
SpeedFan (remove only)
Spellforce 2: Gold Edition
SpyHunter (Version: 4.12.13.4202)
Star Wars: The Old Republic (Version: 1.00)
Star Wars®: Knights of the Old Republic ™
StarCraft II (Version: 1.0.0.16117)
Steam (Version: 1.0.0.0)
Stronghold 3
Supreme Commander 2
swMSM (Version: 12.0.0.1)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (Version: 8.0.16447)
The Battle for Middle-earth ™ II
The Cursed Crusade © DTP version 1 (Version: 1)
The Elder Scrolls V: Skyrim
The Secret World (Version: 1.0.0)
THE SETTLERS - Rise of an Empire (Version: 1.00.0000)
The War Z version alpha (Version: alpha)
The Witcher 2 - Assassins of Kings Enhanced Edition
TL-PA211 Powerline Utility (Version: 1.0)
TL-PA211 Powerline Utility (Version: 2.0)
Tom Clancy's Splinter Cell Conviction (Version: 1.00.000)
Torchlight (Version: 0.0.66.192)
Torchlight II © Runic Games version 1 (Version: 1)
Tunngle beta
TZAC ANTICHEAT 2 (Version: 2)
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Universe at War: Earth Assault
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Uplay (Version: 2.0)
Ventrilo Client (Version: 3.0.7)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Warhammer® 40,000®: Dawn of War® II – Retribution™
Warhammer® 40,000™: Dawn of War® II
Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
Winamp (Version: 5.61 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Wolfenstein - Enemy Territory
Xfire (remove only)
XSound Enhancer for Winamp 5.x

========================= Devices: ================================

Name: TAP-Win32 Adapter V9 (Tunngle) #2
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 8168.88 MB
Available physical RAM: 5679.65 MB
Total Pagefile: 16335.94 MB
Available Pagefile: 13762.72 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.01 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:100.16 GB) NTFS
7 Drive i: (New Volume) (Fixed) (Total:931.51 GB) (Free:922.24 GB) NTFS

========================= Users: ========================================

User accounts for \\AARONSPCNEW

Administrator            ASPNET                   David                    
Guest                    


**** End of log ****


Edited by aarond2lod, 28 March 2013 - 05:01 PM.
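The MBAM quick scan above reports "Memory Processes Detected: 0", which only says that no loaded process matched a signature; it says nothing about whether an svchost.exe is running from somewhere other than the Windows system directory, or who started it. The check a responder would do by hand is to list every svchost.exe, compare its image path with the System32/SysWOW64 copy, and confirm its parent is services.exe. As an added example (not part of this thread and not code from Malwarebytes, Farbar or any other tool named here), the script below runs that check over the CSV that `wmic process get Name,ProcessId,ParentProcessId,ExecutablePath /format:csv` writes. The sample rows, PIDs and the temp-folder entry are constructed for the example; the hostname and user name reuse the ones visible in the logs.

```python
"""Flag svchost.exe processes that do not look like the Windows service host.

Input is the CSV written by
    wmic process get Name,ProcessId,ParentProcessId,ExecutablePath /format:csv
run from an elevated prompt (assumption: without elevation ExecutablePath is
blank for other users' processes). Two checks, neither of which depends on an
anti-malware signature:
  1. the image must be %SystemRoot%\System32\svchost.exe or the SysWOW64 copy;
  2. the parent must be services.exe, because the Service Control Manager
     starts every genuine service host.
"""
import csv
import io
import ntpath

# Constructed sample of wmic output (PIDs and the temp-folder entry are made up
# for this example). wmic emits a leading blank line, which is tolerated below.
SAMPLE_WMIC_CSV = r"""
Node,ExecutablePath,Name,ParentProcessId,ProcessId
AARONSPCNEW,C:\Windows\system32\services.exe,services.exe,396,472
AARONSPCNEW,C:\Windows\system32\svchost.exe,svchost.exe,472,604
AARONSPCNEW,C:\Windows\system32\svchost.exe,svchost.exe,472,688
AARONSPCNEW,C:\Windows\SysWOW64\svchost.exe,svchost.exe,472,1340
AARONSPCNEW,C:\Windows\Explorer.EXE,explorer.exe,1560,1592
AARONSPCNEW,C:\Users\David\AppData\Local\Temp\svchost.exe,svchost.exe,1592,3224
"""

# Directories under %SystemRoot% where a genuine svchost.exe may live.
LEGIT_SVCHOST_DIRS = ("system32", "syswow64")


def parse_wmic_csv(text):
    """Turn wmic /format:csv output into a list of process dicts."""
    procs = []
    for row in csv.DictReader(io.StringIO(text.strip())):
        procs.append({
            "pid": int(row["ProcessId"]),
            "ppid": int(row["ParentProcessId"]),
            "name": row["Name"].lower(),
            "path": row["ExecutablePath"],
        })
    return procs


def find_svchost_impostors(procs, system_root=r"C:\Windows"):
    """Return (pid, path, reasons) for every svchost.exe that fails a check."""
    by_pid = {p["pid"]: p for p in procs}
    allowed = {ntpath.join(system_root, d, "svchost.exe").lower()
               for d in LEGIT_SVCHOST_DIRS}
    findings = []
    for p in procs:
        if p["name"] != "svchost.exe":
            continue
        reasons = []
        if not p["path"]:
            # wmic leaves the path blank when it cannot open the process.
            reasons.append("image path not readable (run elevated)")
        elif ntpath.normpath(p["path"]).lower() not in allowed:
            reasons.append("image outside %s" % system_root)
        parent = by_pid.get(p["ppid"])
        parent_name = parent["name"] if parent else "<exited>"
        if parent_name != "services.exe":
            reasons.append("parent is %s, not services.exe" % parent_name)
        if reasons:
            findings.append((p["pid"], p["path"], reasons))
    return findings


if __name__ == "__main__":
    for pid, path, reasons in find_svchost_impostors(parse_wmic_csv(SAMPLE_WMIC_CSV)):
        print("PID %d  %s\n    %s" % (pid, path or "<no path>", "; ".join(reasons)))
```

On a live host, redirect the wmic command to a file and read it as UTF-16 before passing the text to `parse_wmic_csv`. A hit on the parent check alone (correct path, wrong parent) is still worth a look: a genuine service host is never launched by explorer.exe or by another svchost.exe. The check also does not replace hash or signature verification of the System32 binary; it is the complement to it, catching a same-named file that lives elsewhere.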


#8 aarond2lod

aarond2lod
  • Topic Starter

  • Members
  • 17 posts

Posted 28 March 2013 - 05:00 PM

Farbar Service Scanner log:

 

Farbar Service Scanner Version: 03-03-2013
Ran by David (administrator) on 28-03-2013 at 22:02:30
Running from "C:\Users\David\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

AdwCleaner log:

 

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 22:10:47
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : David - AARONSPCNEW
# Boot Mode : Normal
# Running from : C:\Users\David\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\cqip4mtv.default\prefs.js

Deleted : user_pref("extensions.aniweather.timeShifted", 1447119);

-\\ Google Chrome v22.0.1229.95

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [17037 octets] - [28/03/2013 22:06:17]
AdwCleaner[S2].txt - [923 octets] - [28/03/2013 22:10:47]

########## EOF - C:\AdwCleaner[S2].txt - [982 octets] ##########

Autoruns log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""    "14/07/2009 04:49"
+ "rdpclip"    ""    ""    "File not found: rdpclip"    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "02/10/2011 15:45"
+ "EvtMgr6"    "Logitech SetPoint Event Manager (UNICODE)"    "Logitech, Inc."    "c:\program files\logitech\setpointp\setpoint.exe"    "07/10/2011 09:12"
+ "RtHDVBg_DTS"    "HD Audio Background Process"    "Realtek Semiconductor"    "c:\program files\realtek\audio\hda\ravbg64.exe"    "09/03/2012 06:06"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "28/03/2013 22:12"
+ "Adobe"    ""    ""    "c:\users\david\appdata\roaming\adobe\color.vbe"    "13/03/2013 22:37"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "03/12/2012 07:34"
+ "AVG_TRAY"    "AVG Tray Monitor"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgtray.exe"    "19/11/2012 14:08"
+ "DT PLP"    ""    ""    "c:\program files (x86)\common files\portrait displays\shared\dt_startup.exe"    "28/01/2010 23:17"
+ "NUSB3MON"    "USB 3.0 Monitor"    "NEC Electronics Corporation"    "c:\program files (x86)\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"    "22/01/2010 03:29"
+ "PivotSoftware"    "Pivot Software Support Application"    "Portrait Displays, Inc."    "c:\program files (x86)\portrait displays\pivot software\wpctrl.exe"    "03/03/2009 19:40"
+ "StartCCC"    "Catalyst® Control Center Launcher"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"    "19/12/2012 20:12"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"    "03/07/2012 16:04"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "04/06/2011 01:03"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "13/07/2009 23:58"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "04/06/2011 01:04"
+ "LightScribe Control Panel"    ""    "Hewlett-Packard Company"    "c:\program files (x86)\common files\lightscribe\lsrunonce.exe"    "17/06/2009 19:11"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "13/07/2009 23:42"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""    "14/07/2009 04:53"
+ "linkscanner"    "Safe Search pluggable protocol"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgppa.dll"    "27/03/2012 03:17"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "20/08/2011 13:10"
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"    "18/11/2010 16:08"
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgsea.dll"    "14/02/2012 03:51"
+ "MagicISO"    "MagicISO Shell Extension Module"    "MagicISO, Inc."    "c:\program files (x86)\magiciso\misosh64.dll"    "22/05/2008 15:25"
+ "PowerISO"    "PowerISOShell DLL"    "PowerISO Computing, Inc."    "c:\program files (x86)\poweriso\pwrisosh.dll"    "15/06/2011 08:35"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "28/05/2011 16:04"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "20/08/2011 13:10"
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgse.dll"    "14/02/2012 03:51"
+ "NBShellHook Class"    "Nero BackItUp"    "Nero AG"    "c:\program files (x86)\nero\nero 10\nero backitup\nbshell.dll"    "26/03/2010 03:59"
+ "NeroShellExt Class"    "Nero Burning ROM Shell Extension"    "Nero AG"    "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"    "18/03/2010 16:08"
+ "WinRAR32"    ""    ""    "c:\program files\winrar\rarext32.dll"    "28/05/2011 16:04"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 04:53"
+ "GB3ContextMenu"    "Game Booster v3 Context Menu"    "IObit"    "c:\program files (x86)\iobit\game booster 3\gbv3contextmenu.dll"    "28/11/2011 08:22"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"    "14/12/2012 20:52"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "02/01/2005 00:41"
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"    "18/11/2010 16:08"
+ "MagicISO"    "MagicISO Shell Extension Module"    "MagicISO, Inc."    "c:\program files (x86)\magiciso\misosh64.dll"    "22/05/2008 15:25"
+ "PowerISO"    "PowerISOShell DLL"    "PowerISO Computing, Inc."    "c:\program files (x86)\poweriso\pwrisosh.dll"    "15/06/2011 08:35"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "28/05/2011 16:04"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "02/01/2005 00:41"
+ "NeroShellExt Class"    "Nero Burning ROM Shell Extension"    "Nero AG"    "c:\program files (x86)\common files\nero\neroshellext\neroshellext.dll"    "18/03/2010 16:08"
+ "WinRAR32"    ""    ""    "c:\program files\winrar\rarext32.dll"    "28/05/2011 16:04"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "02/01/2005 00:41"
+ "7-Zip"    "7-Zip Shell Extension"    "Igor Pavlov"    "c:\program files\7-zip\7-zip.dll"    "18/11/2010 16:08"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "28/05/2011 16:04"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""    "02/01/2005 00:41"
+ "WinRAR32"    ""    ""    "c:\program files\winrar\rarext32.dll"    "28/05/2011 16:04"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 04:53"
+ "ACE"    "AMD Desktop Control Panel"    "Advanced Micro Devices, Inc."    "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"    "19/12/2012 20:14"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"    "14/07/2009 01:32"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "14/07/2009 04:53"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"    "14/07/2009 01:09"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "01/07/2011 15:35"
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"    "18/12/2012 13:02"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "01/07/2011 15:35"
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgsea.dll"    "14/02/2012 03:51"
+ "MagicISO"    "MagicISO Shell Extension Module"    "MagicISO, Inc."    "c:\program files (x86)\magiciso\misosh64.dll"    "22/05/2008 15:25"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"    "14/12/2012 20:52"
+ "PowerISO"    "PowerISOShell DLL"    "PowerISO Computing, Inc."    "c:\program files (x86)\poweriso\pwrisosh.dll"    "15/06/2011 08:35"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "28/05/2011 16:04"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "01/07/2011 15:35"
+ "AVG Shell Extension"    "AVG Shell Extension"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgse.dll"    "14/02/2012 03:51"
+ "NBShellHook Class"    "Nero BackItUp"    "Nero AG"    "c:\program files (x86)\nero\nero 10\nero backitup\nbshell.dll"    "26/03/2010 03:59"
+ "WinRAR32"    ""    ""    "c:\program files\winrar\rarext32.dll"    "28/05/2011 16:04"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "01/07/2011 15:35"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"    "28/05/2011 16:04"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "01/07/2011 15:35"
+ "NBShellHook"    "Nero BackItUp"    "Nero AG"    "c:\program files (x86)\nero\nero 10\nero backitup\nbshell.dll"    "26/03/2010 03:59"
+ "WinRAR32"    ""    ""    "c:\program files\winrar\rarext32.dll"    "28/05/2011 16:04"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "28/03/2013 12:42"
+ "AVG Do Not Track"    "AVG Do Not Track for IE"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgdtiea.dll"    "15/10/2012 00:11"
+ "AVG Safe Search"    "Safe Search for Internet Explorer"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgssiea.dll"    "15/10/2012 01:41"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"    "18/08/2009 19:47"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "28/03/2013 22:16"
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"    "18/12/2012 12:32"
+ "AVG Do Not Track"    "AVG Do Not Track for IE"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgdtiex.dll"    "14/10/2012 23:39"
+ "AVG Safe Search"    "Safe Search for Internet Explorer"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgssie.dll"    "15/10/2012 01:41"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"    "01/03/2013 13:51"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"    "01/03/2013 13:50"
+ "Windows Live ID Sign-in Helper"    "Microsoft® Windows Live ID Login Helper"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"    "18/08/2009 18:28"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "14/03/2013 14:33"
+ "AVG Do Not Track"    "AVG Do Not Track for IE"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgdtiea.dll"    "15/10/2012 00:11"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "14/03/2013 14:33"
+ "AVG Do Not Track"    "AVG Do Not Track for IE"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgdtiex.dll"    "14/10/2012 23:39"
"Task Scheduler"    ""    ""    ""    ""
+ "\Adobe Flash Player Updater"    "Adobe® Flash® Player Update Service 11.6 r602"    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "01/03/2013 02:40"
+ "\Game_Booster_AutoUpdate"    "Helps you update Game Booster to latest version."    "IObit"    "c:\program files (x86)\iobit\game booster 3\autoupdate.exe"    "23/04/2012 09:55"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "10/06/2009 20:36"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "14/07/2009 00:24"
+ "\ROC_JAN2013_TB_rmv"    ""    ""    "File not found: C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe"    ""
+ "\RtlDashSrvStart"    "Realtek Dash Client Tool"    "Realtek Semiconductor Corporation"    "c:\program files (x86)\realtek\rtkdashclientinstaller\rtkdashclient.exe"    "05/11/2010 03:43"
+ "\SidebarExecute"    "Windows Desktop Gadgets"    "Microsoft Corporation"    "c:\program files\windows sidebar\sidebar.exe"    "20/11/2010 10:24"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "20/03/2013 16:41"
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"    "03/12/2012 07:34"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "01/03/2013 02:40"
+ "AMD External Events Utility"    "AMD External Events Service Module"    "AMD"    "c:\windows\system32\atiesrxx.exe"    "19/12/2012 19:56"
+ "avgfws"    "AVG Firewall Service"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgfws.exe"    "05/12/2012 00:41"
+ "AVGIDSAgent"    "Provides Identity Protection Against Cyber Crime."    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgidsagent.exe"    "02/11/2012 00:53"
+ "avgwd"    "AVG Watchdog Service"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"    "14/02/2012 01:24"
+ "DTSAudioService"    "DTS Audio Service"    "DTS"    "c:\program files\realtek\audio\hda\dtsaudioservice64.exe"    "20/05/2011 12:55"
+ "DTSRVC"    "Provides support for applications that control display settings."    ""    "c:\program files (x86)\common files\portrait displays\shared\dtsrvc.exe"    "28/01/2010 23:17"
+ "IDriverT"    "Provides support for the Running Object Table for InstallShield Drivers"    "Macrovision Corporation"    "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"    "04/04/2005 05:41"
+ "LBTServ"    "Logitech Bluetooth Service"    "Logitech, Inc."    "c:\program files\common files\logishrd\bluetooth\lbtserv.exe"    "27/09/2011 18:57"
+ "LightScribeService"    "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work."    "Hewlett-Packard Company"    "c:\program files (x86)\common files\lightscribe\lssrvc.exe"    "17/06/2009 19:10"
+ "MBAMScheduler"    "Malwarebytes Anti-Malware scheduler"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"    "14/12/2012 20:51"
+ "MBAMService"    "Malwarebytes Anti-Malware service"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"    "14/12/2012 20:51"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    ""    "File not found: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"    ""
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"    "27/07/2003 16:52"
+ "OverwolfUpdaterService"    ""    ""    "File not found: C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe"    ""
+ "PdiService"    "Provides support for applications that control display settings."    "Portrait Displays, Inc."    "c:\program files (x86)\common files\portrait displays\drivers\pdisrvc.exe"    "18/12/2009 03:04"
+ "PnkBstrA"    "PunkBuster Service Component [v1034] http://www.evenbalance.com"    ""    "c:\windows\syswow64\pnkbstra.exe"    "17/11/2010 05:25"
+ "SpyHunter 4 Service"    "SpyHunter 4 Helper Service"    "Enigma Software Group USA, LLC."    "c:\program files\enigma software group\spyhunter\sh4service.exe"    "14/01/2013 18:07"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"    "14/07/2009 01:29"
+ "wlidsvc"    "Enables Windows Live ID authentication."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"    "18/08/2009 19:47"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "20/11/2010 11:18"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "20/03/2013 16:41"
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "05/12/2008 23:54"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "01/05/2007 17:30"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "28/02/2007 00:04"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "13/07/2009 23:19"
+ "ALSysIO"    ""    ""    "File not found: C:\Users\David\AppData\Local\Temp\ALSysIO64.sys"    ""
+ "amdkmdag"    "ATI Radeon Kernel Mode Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmdag.sys"    "19/12/2012 20:38"
+ "amdkmdap"    "AMD multi-vendor Miniport Driver"    "Advanced Micro Devices, Inc."    "c:\windows\system32\drivers\atikmpag.sys"    "19/12/2012 19:32"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "19/03/2010 00:45"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "20/03/2009 18:36"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "19/03/2010 16:18"
+ "aqngm5ao"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\aqngm5ao.sys"    "19/03/2010 16:18"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "24/05/2007 21:27"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "14/01/2009 19:27"
+ "AtiHDAudioService"    "AMD High Definition Audio Function Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\atihdw76.sys"    "06/11/2012 21:41"
+ "atksgt"    ""    ""    "c:\windows\system32\drivers\atksgt.sys"    "16/09/2006 15:03"
+ "Avgfwfd"    "AVG network filter driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgfwd6a.sys"    "22/05/2011 22:33"
+ "AVGIDSDriver"    "AVG Technologies IDS Application Activity Monitor Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidsdrivera.sys"    "10/12/2012 02:03"
+ "AVGIDSFilter"    "AVG Technologies IDS Application Activity Monitor Filter Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidsfiltera.sys"    "23/12/2011 12:05"
+ "AVGIDSHA"    "AVG Technologies IDS Application Activity Monitor Helper Driver"    "AVG Technologies CZ, s.r.o. "    "c:\windows\system32\drivers\avgidsha.sys"    "19/04/2012 02:19"
+ "Avgldx64"    "AVG AVI Loader Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgldx64.sys"    "08/11/2012 02:24"
+ "Avgmfx64"    "AVG Resident Shield Minifilter Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgmfx64.sys"    "23/12/2011 12:08"
+ "Avgrkx64"    "AVG Anti-Rootkit Driver"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgrkx64.sys"    "31/01/2012 03:11"
+ "Avgtdia"    "AVG Network connection watcher"    "AVG Technologies CZ, s.r.o."    "c:\windows\system32\drivers\avgtdia.sys"    "24/08/2012 13:20"
+ "avgtp"    ""    "AVG Technologies"    "c:\windows\system32\drivers\avgtpx64.sys"    "24/12/2012 10:14"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "13/02/2009 22:18"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"    "26/04/2009 11:14"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "07/08/2006 01:51"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "07/08/2006 01:51"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"    "07/08/2006 01:51"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"    "07/08/2006 01:51"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"    "07/08/2006 01:51"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "09/08/2006 12:11"
+ "ccSNORQBODV"    ""    ""    "File not found: C:\ProgramData\18F1B700_S_drv"    ""
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"    "13/07/2009 23:19"
+ "copperhd"    "Diamondback USB Optical Mouse Driver"    "Razer (Asia-Pacific) Pte Ltd"    "c:\windows\system32\drivers\copperhd.sys"    "24/05/2006 03:51"
+ "dtsoftbus01"    "DAEMON Tools Virtual Bus Driver"    "DT Soft Ltd"    "c:\windows\system32\drivers\dtsoftbus01.sys"    "13/01/2012 13:45"
+ "EagleX64"    ""    ""    "File not found: C:\Windows\system32\drivers\EagleX64.sys"    ""
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"    "31/12/2008 16:29"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"    "03/02/2009 22:52"
+ "esgiguard"    ""    ""    "c:\program files\enigma software group\spyhunter\esgiguard.sys"    "02/03/2011 15:14"
+ "EsgScanner"    "Enigma Scan filter"    ""    "c:\windows\system32\drivers\esgscanner.sys"    "31/05/2012 07:38"
+ "hamachi"    "Hamachi Virtual Network Interface Driver"    "LogMeIn, Inc."    "c:\windows\system32\drivers\hamachi.sys"    "19/02/2009 10:36"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"    "11/05/2009 08:26"
+ "hitmanpro37"    "HitmanPro 3.7 Support Driver"    ""    "c:\windows\system32\drivers\hitmanpro37.sys"    "13/12/2012 10:39"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "20/04/2010 18:32"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "11/06/2010 00:46"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"    "13/12/2005 21:47"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkvhd64.sys"    "27/03/2012 09:01"
+ "LHidFilt"    "Logitech HID Filter Driver."    "Logitech, Inc."    "c:\windows\system32\drivers\lhidfilt.sys"    "02/09/2011 06:23"
+ "lirsgt"    ""    ""    "c:\windows\system32\drivers\lirsgt.sys"    "29/01/2006 11:13"
+ "LMouFilt"    "Logitech Mouse Filter Driver."    "Logitech, Inc."    "c:\windows\system32\drivers\lmoufilt.sys"    "02/09/2011 06:23"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"    "09/12/2008 22:46"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "19/05/2009 00:20"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "19/05/2009 00:31"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"    "16/04/2009 22:13"
+ "MBAMProtector"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\windows\system32\drivers\mbam.sys"    "20/08/2012 16:49"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "19/05/2009 01:09"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "19/05/2009 01:25"
+ "MEIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"    "19/10/2010 23:33"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"    "06/06/2006 21:11"
+ "NPF"    "npf.sys (NT5/6 AMD64) Kernel Driver"    "CACE Technologies, Inc."    "c:\windows\system32\drivers\npf.sys"    "20/10/2009 18:00"
+ "nusb3hub"    "USB 3.0 Hub Driver"    "NEC Electronics Corporation"    "c:\windows\system32\drivers\nusb3hub.sys"    "22/01/2010 03:22"
+ "nusb3xhc"    "USB 3.0 Host Controller Driver"    "NEC Electronics Corporation"    "c:\windows\system32\drivers\nusb3xhc.sys"    "22/01/2010 03:22"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "19/03/2010 20:59"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "19/03/2010 20:45"
+ "PdiPorts"    "PdiPorts Device Driver"    "Portrait Displays, Inc."    "c:\windows\system32\drivers\pdiports.sys"    "18/12/2009 03:06"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"    "22/01/2009 23:05"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"    "19/05/2009 01:18"
+ "RimUsb"    "BlackBerry Device Driver"    "Research In Motion Limited"    "c:\windows\system32\drivers\rimusb_amd64.sys"    "14/05/2007 16:06"
+ "RtDashPt"    "Realtek DASH Protocol Driver"    "Windows ® Codename Longhorn DDK provider"    "c:\windows\system32\drivers\rtdashpt.sys"    "09/02/2010 02:33"
+ "RTL8167"    "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                "    "Realtek                                            "    "c:\windows\system32\drivers\rt64win7.sys"    "10/06/2011 06:33"
+ "SCDEmu"    "PowerISO Virtual Drive"    "PowerISO Computing, Inc."    "c:\windows\system32\drivers\scdemu.sys"    "15/06/2011 08:29"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "13/09/2006 13:18"
+ "Serial"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\serial.sys"    "14/07/2009 00:00"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "24/09/2008 18:28"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "01/10/2008 21:56"
+ "skfiltv"    "Creative Audio Driver"    "Creative Technology Ltd."    "c:\windows\system32\drivers\skfiltv.sys"    "14/08/2008 06:48"
+ "speedfan"    "SpeedFan x64 Driver"    "Almico Software"    "c:\windows\syswow64\speedfan.sys"    "18/03/2011 16:08"
+ "sptd"    "SCSI Pass Through Direct Host"    "Duplex Secure Ltd."    "c:\windows\system32\drivers\sptd.sys"    "18/08/2012 21:05"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"    "17/02/2009 23:03"
+ "tap0901"    "TAP-Win32 Virtual Network Driver"    "The OpenVPN Project"    "c:\windows\system32\drivers\tap0901.sys"    "20/11/2009 13:26"
+ "tap0901t"    "TAP-Win32 Virtual Network Driver"    "Tunngle.net"    "c:\windows\system32\drivers\tap0901t.sys"    "16/09/2009 06:02"
+ "tizekdrv"    ""    ""    "File not found: C:\Users\David\AppData\Roaming\TZAC\tizek64.sys"    ""
+ "tizeqdrv"    ""    ""    "c:\users\david\appdata\roaming\tzac2\tizeq64.sys"    "11/06/2012 11:32"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "13/07/2009 23:19"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "31/01/2009 01:18"
+ "WinRing0_1_2_0"    "WinRing0"    "OpenLibSys.org"    "c:\program files (x86)\iobit\game booster 3\driver\winring0x64.sys"    "26/07/2008 13:29"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "14/02/2013 05:45"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "14/07/2009 01:28"
+ "VIDC.FPS1"    "Fraps"    "Beepa P/L"    "c:\windows\system32\frapsv64.dll"    "22/10/2011 11:21"
+ "VIDC.XFR1"    "Xfire Video Codec"    ""    "c:\windows\system32\xfcodec64.dll"    "21/03/2013 03:17"
+ "vidc.xtor"    "Dxtory DirectShow and VFW Decoder"    "Dxtory Software"    "c:\windows\system32\dxtorycodec64.dll"    "23/05/2011 14:29"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "28/03/2013 22:12"
+ "msacm.bdmpeg"    ""    ""    "c:\windows\syswow64\bdmpega.acm"    "09/07/2009 01:02"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "14/07/2009 01:06"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "20/11/2010 11:59"
+ "VIDC.FPS1"    "Fraps"    "Beepa P/L"    "c:\windows\syswow64\frapsvid.dll"    "22/10/2011 11:21"
+ "vidc.mpeg"    ""    ""    "c:\windows\syswow64\bdmpegv.dll"    "09/07/2009 01:02"
+ "VIDC.XFR1"    "Xfire Video Codec"    ""    "c:\windows\syswow64\xfcodec.dll"    "21/03/2013 04:05"
+ "vidc.xtor"    "Dxtory DirectShow and VFW Decoder"    "Dxtory Software"    "c:\windows\syswow64\dxtorycodec.dll"    "23/05/2011 14:23"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "14/07/2009 04:53"
+ "AMD MJPEG Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"    "19/12/2012 20:29"
+ "Dxtory Video Decoder"    "Dxtory DirectShow and VFW Decoder"    "Dxtory Software"    "c:\windows\system32\dxtorycodec64.dll"    "23/05/2011 14:29"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""    "14/07/2009 04:53"
+ "AMD MJPEG Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI MPEG Audio Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI MPEG File Writer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI MPEG Multiplexer"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI MPEG Video Decoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI MPEG Video Encoder"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI Ticker"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"    "19/12/2012 20:12"
+ "ATI Video Rotation Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "ATI Video Scaler Filter"    "ATI MPEG Encoder"    "Advanced Micro Devices Inc."    "c:\program files (x86)\common files\ati technologies\multimedia\atimpenc.dll"    "19/12/2012 20:25"
+ "DirectVobSub"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "Gabest"    "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll"    "31/10/2009 18:28"
+ "DirectVobSub (auto-loading version)"    "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth"    "Gabest"    "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll"    "31/10/2009 18:28"
+ "Dxtory Video Decoder"    "Dxtory DirectShow and VFW Decoder"    "Dxtory Software"    "c:\windows\syswow64\dxtorycodec.dll"    "23/05/2011 14:23"
+ "ffdshow Audio Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"    "23/02/2011 13:32"
+ "ffdshow Audio Processor"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"    "23/02/2011 13:32"
+ "ffdshow DXVA Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"    "23/02/2011 13:32"
+ "ffdshow raw video filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"    "23/02/2011 13:32"
+ "ffdshow subtitles filter"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"    "23/02/2011 13:32"
+ "ffdshow Video Decoder"    "DirectShow and VFW video and audio decoding/encoding/processing filter"    ""    "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax"    "23/02/2011 13:32"
+ "GBFPSSource Filter"    "FPS Video Record Source Filter"    "IObit"    "c:\program files (x86)\iobit\game booster 3\fpssource.dll"    "26/04/2012 12:56"
+ "Haali Matroska Muxer"    "Haali Media Splitter"    ""    "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"    "07/11/2010 12:18"
+ "Haali Media Splitter"    "Haali Media Splitter"    ""    "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"    "07/11/2010 12:18"
+ "Haali Media Splitter (AR)"    "Haali Media Splitter"    ""    "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"    "07/11/2010 12:18"
+ "Haali Simple Media Splitter"    "Haali Media Splitter"    ""    "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"    "07/11/2010 12:18"
+ "Haali Video Renderer"    ""    ""    "c:\program files (x86)\k-lite codec pack\filters\haali\dxr.dll"    "07/11/2010 12:16"
+ "Haali Video Sink"    "Haali Media Splitter"    ""    "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax"    "07/11/2010 12:18"
+ "Key Frame Manager"    "Key Frame Manager DS Filter"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_kfrmanager.ax"    "20/09/2010 08:05"
+ "LAME Audio Encoder"    "LAME Audio Encoder"    ""    "c:\program files (x86)\iobit\game booster 3\lame.ax"    "02/03/2012 08:30"
+ "madFlac Decoder"    "DirectShow FLAC Decoder"    "www.madshi.net"    "c:\program files (x86)\k-lite codec pack\filters\madflac.ax"    "19/06/1992 22:22"
+ "madFlac Source"    "DirectShow FLAC Decoder"    "www.madshi.net"    "c:\program files (x86)\k-lite codec pack\filters\madflac.ax"    "19/06/1992 22:22"
+ "Matroska Muxer"    "Matroska Muxer"    "Gabest"    "c:\program files (x86)\iobit\game booster 3\matroskamuxer.ax"    "16/08/2004 13:41"
+ "Matroska Source"    "Matroska Splitter"    "Gabest"    "c:\program files (x86)\iobit\game booster 3\matroskasplitter.ax"    "10/03/2006 20:48"
+ "Matroska Splitter"    "Matroska Splitter"    "Gabest"    "c:\program files (x86)\iobit\game booster 3\matroskasplitter.ax"    "10/03/2006 20:48"
+ "MMACE Deinterlace"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"    "19/12/2012 20:13"
+ "MMACE ProcAmp"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"    "19/12/2012 20:13"
+ "MMACE SoftEmu"    ""    ""    "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"    "19/12/2012 20:13"
+ "MPC - FLV Source (Gabest)"    "FLV Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax"    "02/02/2011 04:00"
+ "MPC - FLV Splitter (Gabest)"    "FLV Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax"    "02/02/2011 04:00"
+ "MPC - MP4 Source"    "MP4 Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"    "02/02/2011 04:10"
+ "MPC - MP4 Splitter"    "MP4 Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"    "02/02/2011 04:10"
+ "MPC - Mpeg Source (Gabest)"    "Mpeg Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\mpegsplitter.ax"    "02/02/2011 16:04"
+ "MPC - Mpeg Splitter (Gabest)"    "Mpeg Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\mpegsplitter.ax"    "02/02/2011 16:04"
+ "MPC - MPEG4 Video Source"    "MP4 Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"    "02/02/2011 04:10"
+ "MPC - MPEG4 Video Splitter"    "MP4 Splitter"    "MPC-HC Team"    "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax"    "02/02/2011 04:10"
+ "SMM Media Jointer"    "Media Joiner Filter"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_mediajointer.ax"    "15/06/2009 03:43"
+ "SolveigMM ASF Multiplexer"    "SMM_ASFMuxer.ax"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_asfmuxer.ax"    "25/08/2010 04:18"
+ "SolveigMM Audio Mixer"    "Audio Mixing DirectShow filter"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_audiomixer.ax"    "13/11/2010 04:28"
+ "SolveigMM File Writer"    "SolveigMM File Writer"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_filewriter.ax"    "19/08/2010 07:39"
+ "SolveigMM PushSource Desktop Filter"    "SMM_ScrCapture.ax"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_scrcapture.ax"    "13/11/2010 10:27"
+ "SolveigMM Time Shifter"    "SMM_TimeShifter.ax"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_timeshifter.ax"    "24/11/2010 04:31"
+ "SolveigMM Trimmer Filter"    "Trimmer DS Filter"    "Solveig Multimedia"    "c:\program files (x86)\common files\solveig multimedia\smm_trimmer.ax"    "24/04/2009 03:53"
+ "WavPack Audio Decoder"    "WavPack Audio DirectShow Decoder"    "-"    "c:\program files (x86)\k-lite codec pack\filters\wavpackdsdecoder.ax"    "04/03/2007 09:50"
+ "WavPack Audio Splitter"    "WavPack Audio DirectShow Splitter"    "-"    "c:\program files (x86)\k-lite codec pack\filters\wavpackdssplitter.ax"    "02/10/2007 22:09"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute"    ""    ""    ""    "28/03/2013 22:11"
+ "C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart"    "AVG Resident Shield Service"    "AVG Technologies CZ, s.r.o."    "c:\program files (x86)\avg\avg2012\avgrsa.exe"    "08/11/2012 01:37"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers"    ""    ""    ""    "14/07/2009 04:53"
+ "WLIDCredentialProvider"    "Microsoft® Windows Live ID Credential Provider"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"    "18/08/2009 19:47"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""    "28/03/2013 22:12"
+ "LBTWlgn"    "Logitech Bluetooth Service"    "Logitech, Inc."    "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll"    "27/09/2011 18:57"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries"    ""    ""    ""    "24/11/2011 21:16"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"    "18/08/2009 18:28"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"    "18/08/2009 18:28"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64"    ""    ""    ""    "24/11/2011 21:16"
+ "WindowsLive Local NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "18/08/2009 19:47"
+ "WindowsLive NSP"    "Microsoft® Windows Live ID Namespace Provider"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"    "18/08/2009 19:47"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "28/03/2013 22:12"
+ "Epson Inbox Language Monitor01"    "Epson Printer Driver"    "SEIKO EPSON CORPORATION"    "c:\windows\system32\ep0slm01.dll"    "14/07/2009 01:29"
NOTE: after rebooting the PC as instructed by adware cleaner, the fake svchost.exe started on startup as normal, so I manually deleted it from Task Manager again for now.


Edited by aarond2lod, 28 March 2013 - 05:21 PM.


#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 March 2013 - 05:17 PM

Autoruns log?



#10 aarond2lod

aarond2lod
  • Topic Starter

  • Members
  • 17 posts

Posted 28 March 2013 - 05:53 PM

Autoruns log?

 

It's there, I was editing the post as they completed :)



#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 March 2013 - 06:03 PM

Run ESET online scanner once again and post the new log



#12 aarond2lod

aarond2lod
  • Topic Starter

  • Members
  • 17 posts

Posted 28 March 2013 - 06:55 PM

Run ESET online scanner once again and post the new log

 

I'll have to do it tomorrow; it takes over 3 hours to scan and my PC gets turned off overnight. (12pm here atm)

Unless there's a way to make it skip all my program files, then it would take ~20 mins.

 

edit: found a way, I unticked Program Files (x86), can do it tonight after all.

edit2: done.

 

Log:

 

C:\Users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F28T4FPU\svchost[1].exe    a variant of Win32/BitCoinMiner.N application    cleaned by deleting - quarantined
C:\Users\David\AppData\Local\Temp\svchost.exe    a variant of Win32/BitCoinMiner.N application    cleaned by deleting - quarantined


Edited by aarond2lod, 28 March 2013 - 08:08 PM.
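The Autoruns export posted earlier and the ESET result above together show how this miner was spotted: an svchost.exe launched from AppData\Local\Temp rather than System32. The script below is an added example (not code from the thread or from the Autoruns tool) that reads the same quoted, tab-separated Autoruns text layout and flags the three things a malware-removal helper checks by eye: a Windows system-binary name outside System32/SysWOW64, any autostart image in a user temp location, and entries with no publisher. The sample lines are constructed to mirror the page's format; the HKCU Run entry is an assumption, not the poster's real persistence key.

```python
import re
from typing import List, Tuple

# Names that miners and droppers commonly borrow; the genuine copy lives
# directly under <drive>:\Windows\System32 (or SysWOW64 for the 32-bit copy).
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe"}
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\$")
# User-writable scratch locations; ESET found the miner in both of these.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\")
QUOTED = re.compile(r'"([^"]*)"')


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (severity, 'location -> name', reason) for entries worth a look.

    Autoruns text export: a location line is five quoted fields with the
    registry key first; each entry beneath it starts with '+ ' and carries
    name, description, publisher, image path and timestamp.
    """
    findings = []
    location = ""
    for raw in lines:
        fields = QUOTED.findall(raw)
        if len(fields) != 5:
            continue                          # blank or malformed line
        name, _desc, company, path, _ts = fields
        if not raw.lstrip().startswith("+"):
            location = name                   # registry key header, not an entry
            continue
        lpath = path.lower()
        directory, _, base = lpath.rpartition("\\")
        directory += "\\"                     # anchored match: full dir, not a suffix
        tag = f"{location} -> {name}"
        if base in SYSTEM_BINARIES and not SYSTEM_DIR.match(directory):
            findings.append(("high", tag, f"{base} outside System32: {path}"))
        elif any(t in lpath for t in TEMP_DIRS):
            findings.append(("high", tag, f"autostart from temp location: {path}"))
        elif not company:
            findings.append(("review", tag, f"no publisher: {path}"))
    return findings


# Constructed sample in the page's export layout (not the poster's full log);
# the Run entry is assumed and mirrors the file ESET later deleted from Temp.
SAMPLE = [
    '"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"\t""\t""\t""\t"28/03/2013 22:11"',
    '+ "svchost"\t""\t""\t"c:\\users\\david\\appdata\\local\\temp\\svchost.exe"\t"21/03/2013 03:10"',
    '"HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32"\t""\t""\t""\t"14/02/2013 05:45"',
    '+ "VIDC.FPS1"\t"Fraps"\t"Beepa P/L"\t"c:\\windows\\system32\\frapsv64.dll"\t"22/10/2011 11:21"',
    '+ "tizeqdrv"\t""\t""\t"c:\\users\\david\\appdata\\roaming\\tzac2\\tizeq64.sys"\t"11/06/2012 11:32"',
]

if __name__ == "__main__":
    for severity, entry, reason in triage(SAMPLE):
        print(f"[{severity}] {entry}: {reason}")
```

A "review" hit only means the publisher field is empty, as it is for several legitimate drivers in the log above; the "high" hits are the ones to quarantine and then re-scan for, since the thread shows the file returning after a plain delete.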


#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 March 2013 - 09:01 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.





